Revamped FISMA requirements aim to improve federal security

Compliance with the Federal Information Security Management Act of 2002 (FISMA) has long been a thorn in the side of government agencies. Failing grades from the General Accounting Office have been commonplace, leading to increased scrutiny of government security and the state of data security within respective agencies. "FISMA was never implemented by measuring security effectiveness, it was only used to justify wasteful exercises in compliance," says Alan Paller, director of research at the SANS Institute.

FISMA, often considered an ineffective paper exercise, has since undergone something of an overhaul. The introduction of an automated reporting tool and mandates for continuous monitoring are aimed at moving agencies beyond data collection to risk management and ultimately, better information security. The road to streamlined FISMA requirements has its challenges, though.

CYBERSCOPE

In October 2009, seven years after FISMA was enacted and racked up some $40 billion in costs, Federal CIO Vivek Kundra unveiled CyberScope. The ...
